Network Security Focus-Microsoft

RE: IIS Script source access permission and NTFS DACLs

Subject: RE: IIS Script source access permission and NTFS DACLs
Date: Wed, 14 Dec 2005 09:09:01 +0200
I just want to know WHY Write (NTFS) permission is required for reading the
source code of a script.

Both IIS5.0 and IIS6.0 have the same behavior. 

 
Ömer Faruk Özer
      Researcher
      Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü
      PK 74, 41470 Gebze, KOCAELİ, TÜRKİYE
 
      Tel         : +90 262 648 16 21
      Fax         : +90 262 648 11 00
      e-mail      : faruk.ozer@uekae.tubitak.gov.tr

-----Original Message-----
From: M. Burnett [mailto:mb@xato.net] 
Sent: Tuesday, December 13, 2005 10:14 PM
To: faruk.ozer@uekae.tubitak.gov.tr; focus-ms@securityfocus.com
Subject: Re: IIS Script source access permission and NTFS DACLs

We really could use more detail about what you are saying/asking here. What
version of IIS are you talking about? Also, what read/write permissions are
you talking about? Do you mean the settings in IIS or the actual NTFS
permissions?

One caution--allowing WebDAV access to your website and giving the anonymous
user write or even read permissions can be very dangerous.


Mark Burnett




On Tue, 13 Dec 2005 14:42:17 +0200, Ömer Faruk Özer wrote:
 Hi,

 "Script source access" permission in IIS allows users to see source
 code of scripts. This is achieved by sending "translate: f" WebDAV
 header after GET method.

 Here is an example you can try with telnet:

 GET /login.asp HTTP/1.0
 translate: f


 If the following conditions are met, you should see the source code of
 the script instead of its processed output.

 1. WebDAV must be enabled. Because translate: f is a WebDAV header
 2. Script source access must be checked
 3. NTFS DACL of the login.asp must be IUSR_machinename:WRITE (if
 Anonymous authentication is in place)

 Is there anybody who knows why the READ right alone is not enough?

 Omer Faruk Ozer
 Researcher
 National Research Institute of Electronics and Cryptology
 P.O. Box 74, 41470 Gebze, KOCAELI, TURKEY

 Phone        : +90 262 648 16 21
 Fax          : +90 262 648 11 00
 e-mail       : faruk.ozer@uekae.tubitak.gov.tr





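A small detector for the request shape described in this thread, added here as an example and not part of the original post or of IIS: it parses raw HTTP requests, normalises header names, and flags GET requests that carry the WebDAV Translate: f header against a script resource. The set of script extensions and the sample requests are constructed assumptions.

```python
"""Added example: flag HTTP requests carrying the WebDAV "Translate: f"
header against a script resource, the request shape described in the thread."""
import posixpath
from typing import Dict, List, Tuple

# Assumption: server-side script types whose source must never leave the server.
SCRIPT_EXTENSIONS = {".asp", ".aspx", ".asa", ".inc"}


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP request head into (METHOD, path, headers).
    Header names are lower-cased: HTTP header names are case-insensitive."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        raise ValueError("malformed request line: %r" % lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # blank or malformed header line
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    path = parts[1].split("?", 1)[0]  # drop any query string
    return parts[0].upper(), path, headers


def is_source_request(raw: str) -> bool:
    """True if the request asks for a script's raw source via Translate: f."""
    method, path, headers = parse_request(raw)
    ext = posixpath.splitext(path)[1].lower()
    wants_source = headers.get("translate", "").lower() == "f"
    return method == "GET" and wants_source and ext in SCRIPT_EXTENSIONS


def flag_requests(requests: List[str]) -> List[str]:
    """Paths of every request that matches the source-disclosure pattern."""
    return [parse_request(r)[1] for r in requests if is_source_request(r)]


# Constructed sample traffic: the first two mirror the telnet example in the
# thread; the last two are ordinary requests that must not be flagged.
SAMPLE_REQUESTS = [
    "GET /login.asp HTTP/1.0\r\ntranslate: f\r\n\r\n",
    "GET /admin/config.aspx?id=1 HTTP/1.1\r\nHost: www\r\nTranslate: F\r\n\r\n",
    "GET /login.asp HTTP/1.0\r\n\r\n",
    "GET /logo.gif HTTP/1.1\r\nHost: www\r\nTranslate: f\r\n\r\n",
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_REQUESTS))  # ['/login.asp', '/admin/config.aspx']
```

Run it over captured request heads from a proxy or WAF log; a hit against a script path is worth checking against the three conditions listed in the thread (WebDAV, Script source access, and the NTFS DACL on the file).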

